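<?php
// Full open tag: the short form "<?" is only parsed when short_open_tag is
// enabled. With it disabled the server would send this file, queries included,
// to the client as plain text.
#include ("../DB/Database.class.php");
#include ("../DB/ORM.class.php");
#include("../../classes/business/panel_control/Sucursal.class.php");
// The DataBase and ORM classes used by User are not loaded here (the includes
// above are disabled), so the including script has to load them first.

// Opens or resumes the session that User::Login() writes to and
// User::VerifySecurity() reads from.
// NOTE(review): no cookie flags are set in this file; confirm that
// session.cookie_httponly and session.cookie_secure are set in php.ini.
session_start();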
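/**
 * Application user record plus the session-based login helpers built on it.
 *
 * Depends on the project's DataBase and ORM classes. They are not loaded by
 * this file (the include lines at the top are commented out), so the including
 * script has to provide them.
 *
 * NOTE(review): passwords are stored and compared as unsalted MD5 digests.
 * Moving to password_hash()/password_verify() needs a migration of the stored
 * values, so it is flagged here rather than changed.
 */
class User
{
	public $id;
	public $firstname;
	public $lastname;
	public $login;
	public $md5pass;
	public $security_profile_id;

	/**
	 * Builds a user from already-known field values.
	 *
	 * Declared as __construct because a method named after the class is no
	 * longer treated as a constructor from PHP 8 on, which would leave every
	 * property unset after "new User(...)".
	 *
	 * @param mixed  $id                  Primary key of the user row.
	 * @param string $fname               First name.
	 * @param string $lname               Last name.
	 * @param string $login               Login name.
	 * @param string $md5pass             MD5 digest of the password.
	 * @param mixed  $security_profile_id Security profile reference.
	 */
	public function __construct($id = "", $fname = "", $lname = "", $login = "", $md5pass = "", $security_profile_id = "")
	{
		$this->id = $id;
		$this->firstname = $fname;
		$this->lastname = $lname;
		$this->login = $login;
		$this->md5pass = $md5pass;
		$this->security_profile_id = $security_profile_id;
	}

	/**
	 * Old constructor name, kept so explicit calls such as parent::User()
	 * keep working.
	 *
	 * @deprecated Use "new User(...)".
	 */
	public function User($id = "", $fname = "", $lname = "", $login = "", $md5pass = "", $security_profile_id = "")
	{
		$this->__construct($id, $fname, $lname, $login, $md5pass, $security_profile_id);
	}

	/**
	 * Checks a login name and password against the users table. On success the
	 * matching row is stored in $_SESSION["user"] and a script redirect to
	 * $redirect is printed; on failure an error message is printed.
	 *
	 * @param string $login_name Login name as typed by the visitor (untrusted).
	 * @param string $pass       Clear-text password as typed by the visitor.
	 * @param string $redirect   Location to send the browser to after login.
	 *                           NOTE(review): it is not checked against a list
	 *                           of local paths here; if callers pass request
	 *                           data, validate it before calling.
	 * @return void
	 */
	public static function Login($login_name, $pass, $redirect)
	{
		$failure = "Nombre de Usuario y Contraseña no coinciden, Favor de reintentar.";
		$login_name = (string) $login_name;

		// The login name is placed inside a quoted SQL literal below. Refuse
		// any value carrying a quote, a backslash or a control byte, so the
		// literal cannot be closed or escaped from the request. This is a
		// stopgap: the statement is still assembled as a string, and bound
		// parameters in the DataBase layer (not visible here) are the proper
		// fix.
		if (preg_match('/[\'"\\\\\x00-\x1f]/', $login_name)) {
			echo $failure;
			return;
		}

		// md5() returns hexadecimal digits only, so this value is safe to embed.
		$md5pass = md5($pass);
		$where = "login = '$login_name' AND password = '$md5pass'";

		$user_exists = DataBase::ExecuteScalar("SELECT count(1) FROM users WHERE $where");
		if ($user_exists != 1) {
			echo $failure;
			return;
		}

		$row = DataBase::ExecuteQuery("SELECT * FROM users WHERE $where");

		// Issue a fresh session id at the privilege change so an id known
		// before login cannot be reused afterwards. Skipped when output has
		// already started, because the new cookie could no longer be sent.
		if (session_id() !== "" && !headers_sent()) {
			session_regenerate_id(true);
		}

		// Positional mapping of "SELECT *": it depends on the column order of
		// the users table, which is not visible here.
		$_SESSION["user"] = new User($row[0][0], $row[0][1], $row[0][2], $row[0][3], $row[0][4], $row[0][5]);

		// Encode the target as a JavaScript string literal; the HEX flags keep
		// quotes, angle brackets and ampersands from ending the literal or the
		// surrounding script element.
		$target = json_encode((string) $redirect, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
		if ($target === false) {
			// Value could not be encoded (for example invalid UTF-8).
			$target = '""';
		}
		echo "<script>window.location = " . $target . "</script>";
	}

	/**
	 * Access gate for protected pages: returns true when a user is stored in
	 * the session, otherwise prints a script redirect to logout.php and stops
	 * the request.
	 *
	 * The request is ended because the redirect runs in the browser only; a
	 * client that ignores the script would otherwise receive the rest of the
	 * protected page. Callers are not visible from this file.
	 *
	 * @return bool True when $_SESSION["user"] is set.
	 */
	public static function VerifySecurity()
	{
		if (isset($_SESSION["user"])) {
			return true;
		}

		echo "<script>window.location='logout.php'</script>";
		exit;
	}

	/**
	 * Loads the users row with the given id into this object through ORM::Load.
	 *
	 * @param mixed $id Value of idusers. It is cast to an integer so that only
	 *                  a number reaches the statement (assumes idusers is an
	 *                  integer key; confirm against the schema).
	 * @return void
	 */
	public function Load($id)
	{
		ORM::Load($this, "SELECT * FROM users WHERE idusers = " . (int) $id);
	}

	/**
	 * Inserts a new users row built from $request.
	 *
	 * NOTE(review): whether ORM::DataBinding and ORM::InsertStatement escape
	 * the values cannot be seen from here. If $request is raw request data and
	 * every matching key is bound, a caller could also choose
	 * security_profile_id; confirm and restrict the accepted keys.
	 *
	 * @param array $request Field values keyed by column name; 'password'
	 *                       holds the clear-text password.
	 * @return bool True when exactly one row was affected.
	 */
	public function Insert($request)
	{
		unset($this->md5pass, $this->login, $this->security_profile_id);

		// Give the object one empty property per column of the users table.
		$column_names = DataBase::FieldsName("SELECT * FROM users");
		foreach ($column_names as $value) {
			$this->$value = "";
		}

		$request['password'] = md5($request['password']);

		ORM::DataBinding($this, $request);
		$insertStatement = ORM::InsertStatement($this, "users");
		$affected_rows = DataBase::ExecuteNonQuery($insertStatement);

		return $affected_rows == 1;
	}

	/**
	 * Updates the users row for this object from $request.
	 *
	 * NOTE(review): the same questions as for Insert() apply to escaping and
	 * to which keys of $request get bound.
	 *
	 * @param array $request Field values keyed by column name; an empty
	 *                       'password' is not hashed.
	 * @return bool True when zero or one row was affected.
	 */
	public function Update($request)
	{
		unset($this->login);
		unset($this->md5pass);
		unset($this->security_profile_id);

		// The key is quoted: the bare word password is read as a constant,
		// which is an error on current PHP versions.
		if ($request['password'] == "") {
			// NOTE(review): this class declares no "pass" property, so this
			// unset probably has no effect; the intent looks like leaving the
			// stored password untouched. Confirm against ORM::DataBinding.
			unset($this->pass);
		} else {
			$request['password'] = md5($request['password']);
		}

		ORM::DataBinding($this, $request);
		$update_statement = ORM::UpdateStatement($this, "users");
		$affected_rows = DataBase::ExecuteNonQuery($update_statement);

		return $affected_rows == 1 || $affected_rows == 0;
	}
}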
#User::Login('ralfaro', 'ralfaro', "");
#print_r($_SESSION);
#echo $_SESSION["sucursal"]->id;
#include ("../DB/Database.class.php");
#session_start();
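/* User class: earlier implementation, kept commented out below.
   Review note before reviving it: hasValidCredentials() returns true on both
   branches, its queries read undefined locals ($login, $md5pass, $pass), and
   every statement is built by string concatenation. */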
/*
class User {

	var $id;
	var $login;
	var $pass;
	var $md5pass;


	function User($login, $pass) {
		$this->login = $login;
		$this->pass = $pass;
		$this->md5pass = md5($pass);
		$this->id = $this->getId();
	}

	function login($redirect = "/thegym/main.php") {
		if ($this->hasValidCredentials()) {
			$_SESSION["user"] = $this;
			echo "<script>window.location = '$redirect'</script>";
		} else
			echo "<div style=\"font-size:10px; color:#FF0000; text-align:center;\">Los datos proporcionados no son correctos, Favor de corregir.</div>";

	} #fin login

	function changePassword($newPass1, $newPass2) {
		if ($this->hasValidCredentials()) {
			if ($newPass1 == $newPass2) {
			$sql = "UPDATE usuarios SET pass = md5('$newPass1') WHERE id = " . $this->id;
				$result = mysql_query($sql);
				if ($result)
					echo "<script>alert('Password cambiado correctamente'); window.close();</script>";
				else
					echo "Hubo un problema por favor reintente en unos minutos";
			} else
				echo "Los nuevos passwords no coinciden";
		} else
			echo "El usuario y password originales no son validos";

	} #end changePassword

	function hasValidCredentials() {
		$sql = "SELECT *
					   FROM usuarios
					   WHERE nombreu = '" . $login . "' AND pass = '" . $md5pass . "'";
		$results = DataBase::ExecuteQuery($sql, "ARRAY");

		if (($results[nombreu] == $this->login) && ($row[pass] == $this->md5pass))
			return true;
		else
			return true;

	} #fin validateCredentials

	function getId() {
		$sql = "SELECT id FROM usuarios WHERE nombreu = '".$login."' AND pass = 	'".$pass."'";
		return DataBase::ExecuteScalar($sql);

	}# fin getId
	
	function createUser($user, $pass, $securityProfile){
		$sql= "INSERT into usuarios SET nombreu='$user', pass=md5('$pass'), security_profile = $securityProfile";
		$res = mysql_query($sql);
		return $res;
	}# end create user
} #fin user
#$u = new User("ralfaro","ralfaro");
#$u->login();
#$u->changePassword("z","z");
*/
?>
